Lucene search

MitreCVE-2016-6838

HistorySep 07, 2016 - 7:28 p.m.

CVE-2016-6838

2016-09-0719:28:15

CWE-200

CWE-310

mitre

web.nvd.nist.gov

cve-2016-6838

huawei

x6800

xh620

rh1288

rh2288

ch140

ch226

ch220

ch121

ch222

server

vulnerability

ssh

encryption

algorithm

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm.

Affected configurations

Nvd

Node

huaweirh1288_v3_server_firmwareMatchv100r003c00

huaweirh2288_v3_server_firmwareMatchv100r003c00

huaweix6800_v3_server_firmwareMatchv100r003c00

huaweixh620_v3_server_firmwareMatchv100r003c00

AND

huaweirh1288_v3_serverMatch-

huaweirh2288_v3_serverMatch-

huaweix6800_v3_serverMatch-

huaweixh620_v3_serverMatch-

Node

huaweich121_v3_server_firmwareMatchv100r001c00

huaweich140_v3_server_firmwareMatchv100r001c00

huaweich220_v3_server_firmwareMatchv100r001c00

huaweich222_v3_server_firmwareMatchv100r001c00

huaweich226_v3_server_firmwareMatchv100r001c00

AND

huaweich121_v3_serverMatch-

huaweich140_v3_serverMatch-

huaweich220_v3_serverMatch-

huaweich222_v3_serverMatch-

huaweich226_v3_serverMatch-

VendorProductVersionCPE
huaweirh1288_v3_server_firmwarev100r003c00cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
huaweirh2288_v3_server_firmwarev100r003c00cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
huaweix6800_v3_server_firmwarev100r003c00cpe:2.3:o:huawei:x6800_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
huaweixh620_v3_server_firmwarev100r003c00cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:*:*:*:*:*:*:*
huaweirh1288_v3_server-cpe:2.3:h:huawei:rh1288_v3_server:-:*:*:*:*:*:*:*
huaweirh2288_v3_server-cpe:2.3:h:huawei:rh2288_v3_server:-:*:*:*:*:*:*:*
huaweix6800_v3_server-cpe:2.3:h:huawei:x6800_v3_server:-:*:*:*:*:*:*:*
huaweixh620_v3_server-cpe:2.3:h:huawei:xh620_v3_server:-:*:*:*:*:*:*:*
huaweich121_v3_server_firmwarev100r001c00cpe:2.3:o:huawei:ch121_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*
huaweich140_v3_server_firmwarev100r001c00cpe:2.3:o:huawei:ch140_v3_server_firmware:v100r001c00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	rh1288_v3_server_firmware	v100r003c00	cpe:2.3:o:huawei:rh1288_v3_server_firmware:v100r003c00:::::::*
huawei	rh2288_v3_server_firmware	v100r003c00	cpe:2.3:o:huawei:rh2288_v3_server_firmware:v100r003c00:::::::*
huawei	x6800_v3_server_firmware	v100r003c00	cpe:2.3:o:huawei:x6800_v3_server_firmware:v100r003c00:::::::*
huawei	xh620_v3_server_firmware	v100r003c00	cpe:2.3:o:huawei:xh620_v3_server_firmware:v100r003c00:::::::*
huawei	rh1288_v3_server	-	cpe:2.3:h:huawei:rh1288_v3_server:-:::::::*
huawei	rh2288_v3_server	-	cpe:2.3:h:huawei:rh2288_v3_server:-:::::::*
huawei	x6800_v3_server	-	cpe:2.3:h:huawei:x6800_v3_server:-:::::::*
huawei	xh620_v3_server	-	cpe:2.3:h:huawei:xh620_v3_server:-:::::::*
huawei	ch121_v3_server_firmware	v100r001c00	cpe:2.3:o:huawei:ch121_v3_server_firmware:v100r001c00:::::::*
huawei	ch140_v3_server_firmware	v100r001c00	cpe:2.3:o:huawei:ch140_v3_server_firmware:v100r001c00:::::::*

Rows per page:

1-10 of 181

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en

www.securityfocus.com/bid/92503

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

Related for CVE-2016-6838